
New Member

LMS 2.6 + SSG

I'm having a problem with LMS 2.6 and pushing configs out to our firewalls. We don't allow telnet into the firewalls, only SSH. LMS pulls the configs without a problem, but when I try to modify a config and push it out to a firewall it only seems to attempt to telnet and fails, so the config never gets pushed out. I made sure that SSH is the first in the list under RME transport settings for config deploy. Am I missing something else?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS 2.6 + SSG

Ah, okay, this just means that telnet was attempted because SSH failed. The error points to a problem with one of the commands being deployed to the device. Exactly what are you deploying, and in what mode (merge or overwrite)?

16 REPLIES
Cisco Employee

Re: LMS 2.6 + SSG

What RME application are you using to push the change (i.e. Archive Mgmt, Config Editor, Netconfig)?

New Member

Re: LMS 2.6 + SSG

Config Editor

Cisco Employee

Re: LMS 2.6 + SSG

Then you need to select Config Editor from the pull-down in the RME > Admin > Config Mgmt > Transport Settings window, and make sure the deploy protocol order is correct there as well.

New Member

Re: LMS 2.6 + SSG

Yea that's what I did...I have SSH, Telnet, TFTP, SCP as selected protocols under config deploy for Config Editor...in that order.

Cisco Employee

Re: LMS 2.6 + SSG

Please post the job log from a failing Config Editor job.

New Member

Re: LMS 2.6 + SSG

Here is the log from the last job I tried to run (I starred out the IP):

Command(s) failed on the device TELNET: Failed to establish TELNET connection to *.*.*.* - Cause: connect timed out. Insufficient no. of interactive responses(or timeout) for command

Cisco Employee

Re: LMS 2.6 + SSG

Ah, okay, this just means that telnet was attempted because SSH failed. The error points to a problem with one of the commands being deployed to the device. Exactly what are you deploying, and in what mode (merge or overwrite)?

New Member

Re: LMS 2.6 + SSG

Ah I think I see the problem...I'm modifying an access-list and out of habit I put no in front of the line I want to remove instead of just removing it...I'm going to try it again tonight...thanks! :)

New Member

Re: LMS 2.6 + SSG

Maybe I spoke too soon...I did remove the access-list line entirely...I still get the same error. Here it is:

e Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: no access-list in_out extended permit ip host *.*.*.* any . TELNET: Failed to establish TELNET connection to *.*.*.* - Cause: connect timed out.

Cisco Employee

Re: LMS 2.6 + SSG

What happens when you run the command manually:

no access-list in_out extended permit ip host *.*.*.* any

What does the device say?

New Member

Re: LMS 2.6 + SSG

That's weird the access-list line gets removed even though I get the error (using RME). I tried removing 3 access-list lines instead of just one, I still get the same error, but one line does get removed. The line that gets removed is the same line that shows up in the error, and the other 2 lines do not get removed.

It works without a problem if I do it manually.

Cisco Employee

Re: LMS 2.6 + SSG

The device does not prompt you for anything when entering the problematic line?

New Member

Re: LMS 2.6 + SSG

Nope..if I paste the multiple lines directly I get no prompts from the firewall.

Cisco Employee

Re: LMS 2.6 + SSG

It would help to see the Config Editor job log with Config Job debugging enabled. If this data is too sensitive to post on an open forum, then I suggest you open a TAC service request.

New Member

Re: LMS 2.6 + SSG

Ok I enabled debugging for the config job...but the information in the job browser looks the same...where would I find the debug logs?

Cisco Employee

Re: LMS 2.6 + SSG

/var/adm/CSCOpx/files/rme/jobs/ConfigEditor on Solaris and NMSROOT\files\rme\jobs\ConfigEditor on Windows.
